The management and protection of all personal data of visitors/users of the www.aspis-realestate.gr website, which is the property of MESITIKI AKINITON-FRANCHISE SA, hereinafter referred to as “ASPIS Real Estate”, is subject to the terms hereof and to the relevant provisions of Greek law (L. 2472/1997), the decisions of the Data Protection Authority and European law (Directive 2002/58/EC and GDPR 679/2016). The processing of personal data on behalf of the Company is in line with the law and its Data Protection Policy described below. Where there are links to other websites controlled by third parties - individuals or legal entities, ASPIS Real Estate is not responsible for their personal data management and protection terms. ASPIS Real Estate reserves the right to modify the terms of the Data Protection Policy upon notifying the visitors/users of its website, always within the applicable legal framework. ASPIS Real Estate's website visitors/users enjoy the right to access, rectification, erasure, restriction of processing, portability and to object, in relation to any of their personal data being processed. For this purpose they are kindly asked to address the Company in writing at MESITIKI AKINITON-FRANCHISE SA, 19 Sithonias Street, 115 22 Ambelokipi, Athens.
1. Purpose, Scope
MESITIKI AKINITON-FRANCHISE SA and its associate realtors-Franchisees forming part of the realtors network operating under the name ASPIS Real Estate, hereinafter referred to as “ ASPIS Real Estate”, are complying with the law concerning Personal Data Protection. This policy sets out the basic principles under which the ASPIS Real Estate network processes personal data of customers, employees, suppliers, partners and others. This Policy is applied within ASPIS Real Estate and its Greek subsidiaries directly or indirectly controlled by it. All persons employed under an definite or indefinite term employment agreement, and all associate franchisees, agents or even subcontractors working on behalf of ASPIS Real Estate are bound by this Policy.
2. Main Definitions
Below follow the main definitions of the terms used in this document, as set out in Article 4 of the General Data Protection Regulation, to enable data subjects to become familiar with GDPR terminology:
Personal Data any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
Special categories of Personal Data: personal data which are, by their nature, particularly sensitive in relation to fundamental rights and freedoms merit specific protection as the context of their processing could create significant risks to the fundamental rights and freedoms. Those personal data should include personal data revealing racial or ethnic origin, political opinion, religion or beliefs, trade union membership, and the processing of genetic data, biometric data for the purpose of unique identification of a person, data concerning the genetic or health status of a natural person or sexual orientation.
Data Controller: the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
Processor: a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
Processing: any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Authority: The Data Protection Authority.
3. Basic principles concerning Personal Data Processing
As data controller, ASPIS Real Estate invariably observes the data protection principles provided in Article 5 of the General Data Protection Regulation.
3.1. Lawfulness, Fairness and Transparency
ASPIS Real Estate processes personal data lawfully, fairly and transparently towards data subjects.
3.2. Purpose Limitation
Personal data are collected for specified, explicit and legitimate purposes and are not further processed for any other purpose.
3.3. Data minimisation
ASPIS Real Estate keeps accurate personal data of the data subjects, limited to what is necessary in relation to the purposes for which they are processed, At the same time implementing appropriate technical measures for effecting the above objectives.
The personal data kept by ASPIS Real Estate are accurate and up to date. Every reasonable step is taken to ensure that personal data that are inaccurate, having regard to the purpo for which they are processed, are erased or rectified without delay.
3.5. Storage limitation
Personal data are kept for no longer than is necessary for the purposes for which ASPIS Real Estate processes them.
3.6. Integrity and confidentiality
Taking into consideration the technological level and other available security measures, the cost of implementation and the possibility and seriousness of the risks involved for personal data, ASPIS Real Estate uses adequate technical or organisational measures to process Personal Data in a manner that ensures appropriate security of the personal data, including protection against accidental loss, destruction, damage, unauthorised or illegal processing.
ASPIS Real Estate is responsible for, and able to demonstrate compliance with the General Data Protection Regulation to the competent Data Protection Authority.
4. Privacy Notice, Consent and Rights of Data Subjects
4.1. Notification to Data Subjects
Prior to or on collecting personal data for any processing activity undertaken by ASPIS Real Estate, including among other things the sale of products, services or marketing activities, ASPIS Real Estate provides adequate information to data subjects and, in particular, information about the types of personal data collected, the purposes of processing, the processing methods, the rights of data subjects in relation to their personal data, the length of retaining same, any international transfers, if the personal data are provided to third parties in the framework of co-operation, and the security measures implemented by ASPIS Real Estate to protect personal data. This information is provided through the Privacy Notice.
Where the legal grounds for collecting personal data is the data subject's consent, ASPIS Real Estate is responsible to ensure that data subjects provide their consent freely, by affirmative action, explicitly, and having been informed of the content of the document to which they consent. ASPIS Real Estate gives data subjects the opportunity to revoke their consent at any time. Where personal data of children under 16 years of age are collected, ASPIS Real Estate ensures that the Parent's consent has been obtained beforehand. Personal data must be processed only for the purpose for which they were originally collected. If ASPIS Real Estate wishes to process personal data for any other purpose, it must obtain the data subjects' consent in an explicit and specific form in writing. Any such request must contain the purpose for which the data were originally collected, and any new or additional purpose(s).
ASPIS Real Estate makes every effort to keep the number of personal data collected to a minimum. If the personal data are collected by a third party, ASPIS Real Estate ensures that these data are legitimately collected.
4.4. Relation of ASPIS Real Estate with Third Parties
Where ASPIS Real Estate has retained a third party to provide a service to its customers, or even uses a third party - supplier or commercial partner to process personal data on its behalf, ASPIS Real Estate ensures that the processor will provide adequate measures for the security and protection of the personal data in order to deal with any potential risks. ASPIS Real Estate makes every effort to ensure that its suppliers or commercial partners will only process personal data in the course of their contractual obligations towards ASPIS Real Estate, always in accordance with its instructions and for no other purpose.
4.5. Data Subjects' Rights of Access
As Data Controller, ASPIS Real Estate is responsible for providing data subjects with a mechanism for accessing their personal data which allows them to review, rectify, erase or transfer them. For the reason, you may use the form "APPLICATION OF DATA SUBJECT FOR ACCESS, RECTIFICATION, ERASURE, PROCESSING RESTRICTION, PORTABILITY AND OBJECTION TO DATA PROCESSING"
4.6. Data Portability
Data Subjects are entitled to obtain, at their request, a copy of the data they have provided to ASPIS Real Estate in a structured form, and transfer these data to another data controller. ASPIS Real Estate is responsible to ensure that such requests will be satisfied within one month, provided that they are not manifestly unfounded. When exercising the right to data portability, a data subject is entitled to request that the personal data be transferred directly from one data controller to another, if this is technically feasible.
4.7. Right to Erasure
Upon request, and under certain conditions, Data Subjects are entitled to ask ASPIS Real Estate to erase their personal data. ASPIS Real Estate will immediately take all action required to satisfy the request (including any technical steps), provided that such action is not in conflict with applicable laws, and will ensure the same for any third parties using or processing personal data on its behalf.
5. Responding to Personal Data Breaches
If ASPIS Real Estate is informed of a potential or actual breach of personal data, it will immediately conduct an internal inspection and take all appropriate remedies within reasonable time, in accordance with the Personal Data Breach Policy. If there is any risk to the rights and freedoms of data subjects, ASPIS Real Estate shall report the incident to the Authority without undue delay and, in any case, within 72 hours.
If you still have any questions or need any clarification in relation to the processing of your personal data by ASPIS Real Estate, please send an e-mail to DPOfficer@aspis-realestate.gr
and ASPIS Real Estate will be pleased to serve you.